DETAILED ACTION
Response to Arguments 

Applicant's arguments filed 02/03/2005 have been fully considered but they are 
not persuasive. 

• Applicants' argument with respect to the rejection of Claims 1 and 5 under
35 U.S.C. § 112, first paragraph, is respectfully traversed because the referenced
paragraphs [0042] and [0043] are not the written description of Claims 1 and 5.

As recited in Claims 1 and 5: 

if the user is denied access, prompting the user to complete a request for quick approval 
wherein the request for quick approval is subjected to an internal exception access process, and 
quick approval is approved based on pre-established criteria; 

retrieving from the centralized database, an exception access rule including pre-established 
criteria; 

applying the exception access rule to the completed request for quick approval; and 
automatically approving access based on the exception access rule. 

Paragraph [0043], as referenced by applicants, describes an access process
after logging onto UPMS 10 by a user. Exception Access Rules 266 is used for
evaluating. However, the written description of paragraph [0043] is for logging, not for
the above-recited limitations, e.g., if the user is denied access, prompting the user to complete a
request for quick approval wherein the request for quick approval is subjected to an internal exception
access process ... applying the exception access rule to the completed request for quick approval.

Paragraph [0042] is the details of requesting for quick approval if the user is denied
access. However, there is no description of retrieving from the centralized database, an



Application/Control Number: 09/842,577 
Art Unit: 2162 



Page 3 



exception access rule including pre-established criteria; applying the exception access rule to the
completed request for quick approval; and automatically approving access based on the exception
access rule are not supported by the specification after the access is denied. Therefore, the
rejection of Claims 1 and 5 under 35 U.S.C. § 112, first paragraph, is maintained.



• Applicants' request of withdrawing the rejection of Claim 16 under 35 
U.S.C § 101 is respectfully declined because of the following reasons: 
As set forth in MPEP 2106 (IV) (B) (1), and 2106 (IV) (B) (1) (a): 

When nonfunctional descriptive material is recorded on some
computer-readable medium, it is not statutory since no requisite
functionality is present to satisfy the practical application
requirement. Merely claiming nonfunctional descriptive material
stored in a computer-readable medium does not make it statutory.

Data structures not claimed as embodied in computer-readable media
are descriptive material per se and are not statutory because they
are not capable of causing functional change in the computer. See,
e.g., Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760 (claim to a data
structure per se held nonstatutory). Such claimed data structures do
not define any structural and functional interrelationships between
the data structure and other claimed aspects of the invention which
permit the data structure's functionality to be realized. In
contrast, a claimed computer-readable medium encoded with a data
structure defines structural and functional interrelationships
between the data structure and the computer software and hardware
components which permit the data structure's functionality to be
realized, and is thus statutory.

Claim 16 is directed to a computer-implemented database, a collection of information
in a data structure, e.g., a file, but not claimed as embodied in computer readable
media. Specifically, the claimed computer-implemented database comprises only
nonfunctional descriptive materials, e.g., pre-established criteria, application data, user data,
pre-determined rules and methodologies data. Therefore, Claim 16 is not statutory.

• As argued by applicants at pages 9-11 with respect to the rejection of
Claims 1, 3 and 4 under 35 U.S.C. § 103:

neither Kraenzel nor Behera, considered alone or in combination, describe or suggest a 
method that includes prompting the user to complete a request for quick approval, retrieving, 
from the centralized database, an exception access rule including pre-established criteria, 
applying the exception access rule to the completed request for quick approval, automatically 
approving access based on the exception access rule. 

Examiner respectfully traverses because of the following reasons: 
As shown in FIG. 3 of Kraenzel, if the user is denied access, as indicated by the NO branch
of box 156, box 162 determines if the user has requested additional privileges;
YES and NO requests prompting the user to select are implied at this box. Instead of granting
access as indicated at boxes 152-156, an internal exception access process is implemented at
boxes 162-166 for quick approval. Additional privileges, e.g., read-only, manager..., are
determined at box 166, and if privileges are granted, the ACL is updated at box 168 (Col. 3,
Lines 10-11, Col. 4, Lines 20-43). FIG. 2 shows the process of updating the ACL.
User privileges are determined at box 108, and the user's affinity is determined at box 110
by applying inferencing rules or exception access rule with pre-established criteria (FIG. 2, Col.
3, Lines 58-65 and 15-27, Col. 4, Lines 11-13). Kraenzel further discloses that objects are
stored in the database and can be searched by at least one field (Col. 2, Lines 54-56). A
series of inferencing rules is used to determine the user's affinity by the user affinity
determining object (Col. 3, Lines 61-62 and 15-27), then profile system 14 enables the
user to activate one or more inferencing rules as desired (Col. 4, Lines 11-13). As seen,
an inferencing rule as an exception access rule including pre-established criteria in the user affinity
determining object is retrieved from the database as centralized database by searching. After
updating the ACL, the access is automatically approved based on the inferencing rules or exception
access rule (FIG. 3, boxes 156-158, Col. 4, Lines 25-27).

Claims 2-4 are also rejected with the reasons as discussed above. 

• As argued by applicants at page 18 with respect to the rejection of Claims
5-15 under 35 U.S.C. § 103:

Specifically, Kraenzel does not describe nor suggest a method that includes tracking a status 
of the request using a tracking component coupled to the centralized interactive database, 
nor if the request for data access is approved, adding at least one of a rule and the user to the 
database. Moreover, Kraenzel does not describe nor suggest a method that includes if the 
user is denied access to the requested data, prompting the user to complete a request for 
quick approval, retrieving, from the centralized database, an exception access rule including 
pre-established criteria, applying the exception access rule to the completed request for quick 
approval, and automatically approving access based on the exception access rule. 

Examiner respectfully traverses because of the following reasons: 
As illustrated at Kraenzel FIG. 3, after making a request access at box 152, a
status of the request, either YES for retrieving object at box 158 or NO for requesting
additional privileges at box 162 (Col. 4, Lines 20-35), is tracked by Access Determining
Object 24 (Col. 3, Lines 5-7) as a tracking component included in Profile System 14, and
Access Determining Object 24 is coupled to an ACL as centralized interactive database (Col.
2, Lines 14-16).

If the request for data access is approved at box 166, ACL is updated at box 168
(FIG. 3). The update process is illustrated at Col. 3, Line 58-Col. 4, Lines 1 with
inferencing rules or and a profile for the user. In short, the ACL update process
performs the claimed if the request for data access is approved, adding at least one of a rule and the
user to the database.

Referring back to Kraenzel FIG. 3, user privilege is determined again at box 156;
if the user is denied access, as indicated by the NO branch of box 156, box 162 determines if the
user has requested additional privileges; YES and NO requests prompting the user to
complete the request for quick approval are implied at this box. Additional privileges, e.g.,
read-only, manager..., are determined at box 166, and if privileges are granted, the ACL is updated
at box 168 (Col. 3, Lines 10-11, Col. 4, Lines 20-43). FIG. 2 shows the process
of updating the ACL. User privileges are determined at box 108, and the user's affinity is
determined at box 110 by applying inferencing rules or exception access rule with
pre-established criteria (FIG. 2, Col. 3, Lines 58-65 and 15-27, Col. 4, Lines 11-13). Kraenzel
further discloses that objects are stored in the database and can be searched by at least
one field (Col. 2, Lines 54-56). A series of inferencing rules is used to determine the user's
affinity by the user affinity determining object (Col. 3, Lines 61-62 and 15-27), then profile
system 14 enables the user to activate one or more inferencing rules as desired (Col. 4,
Lines 11-13). As seen, an inferencing rule as an exception access rule including pre-established
criteria in the user affinity determining object is retrieved from the database as centralized
database by searching. After updating the ACL, the access is automatically approved based on the
inferencing rules or exception access rule (FIG. 3, boxes 156-158, Col. 4, Lines 25-27).
Claims 2-15 are also rejected with the reasons as discussed above.

• Applicants' arguments at page 23 with respect to the rejection of claim 16
under 35 U.S.C. § 103 are respectfully traversed because Behera discloses the ACL rules
that comprise group based access guidelines based on the attributes to set up the
rule (Behera, Col. 4, lines 42-44) as pre-established criteria data developed from access rules
and criteria including at least one of Rule Based Access guidelines, Group Based Access guidelines,
Search & Subscribe Utilities guidelines, Active Positioning Monitoring guidelines, Hard Exclusion
Rules guidelines, and Access Audits guidelines; applications data including system administrator
defined attributes that cross-references the applications profile data against unique identifiers; user
data that includes a user's organization and citizenship that cross-references the users profile data
against unique identifiers (Col. 4, Lines 40-41). Kraenzel teaches predetermined rules and
methodologies data that facilitates accurate user access-decision making (Kraenzel, Col. 2, Lines
12-26).

• In response to applicants' argument that there is no suggestion to combine
the references, the examiner recognizes that obviousness can only be established by
combining or modifying the teachings of the prior art to produce the claimed invention
where there is some teaching, suggestion, or motivation to do so found either in the
references themselves or in the knowledge generally available to one of ordinary skill in
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, both Kraenzel
and Behera teach Access Control Lists, and a technique missing in Kraenzel
could be supported by Behera's teaching.

• In response to applicant's argument that the examiner's conclusion of 
obviousness is based upon improper hindsight reasoning, it must be recognized that 
any judgment on obviousness is in a sense necessarily a reconstruction based upon 
hindsight reasoning. But so long as it takes into account only knowledge which was 
within the level of ordinary skill at the time the claimed invention was made, and does 
not include knowledge gleaned only from the applicant's disclosure, such a 
reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 
1971). 

Claim Objections 

Claim 5 is objected to because of the following informalities: the database in the 
step of adding at least one of a rule, and the centralized database in the step of retrieving. 
Appropriate correction is required. 



Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall
set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 and 5 are rejected under 35 U.S.C. 112, first paragraph, as failing 
to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the 
time the application was filed, had possession of the claimed invention. 

As in Claims 1 and 5, the claimed retrieving from the centralized database, an exception
access rule including pre-established criteria; applying the exception access rule to the completed
request for quick approval; and automatically approving access based on the exception access rule if
the user is denied access are not supported by the specification.

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim 16 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 



As set forth in MPEP 2106 (IV) (B) (1), and 2106 (IV) (B) (1) (a):

When nonfunctional descriptive material is recorded on some
computer-readable medium, it is not statutory since no requisite
functionality is present to satisfy the practical application
requirement. Merely claiming nonfunctional descriptive material
stored in a computer-readable medium does not make it statutory.

Data structures not claimed as embodied in computer-readable media
are descriptive material per se and are not statutory because they
are not capable of causing functional change in the computer. See,
e.g., Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760 (claim to a data
structure per se held nonstatutory). Such claimed data structures do
not define any structural and functional interrelationships between
the data structure and other claimed aspects of the invention which
permit the data structure's functionality to be realized. In
contrast, a claimed computer-readable medium encoded with a data
structure defines structural and functional interrelationships
between the data structure and the computer software and hardware
components which permit the data structure's functionality to be
realized, and is thus statutory.

Claim 16 is directed to a computer-implemented database, a collection of information 
in a data structure, e.g., a file, but not claimed as embodied in computer readable 
media. Specifically, the claimed computer-implemented database comprises only 
nonfunctional descriptive materials, e.g., pre-established criteria, application data, user data, 
pre-determined rules and methodologies data. Therefore, Claim 16 is not statutory.

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of
the various claims was commonly owned at the time any inventions covered therein
were made absent any evidence to the contrary. Applicant is advised of the obligation
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g)
prior art under 35 U.S.C. 103(a).

Claims 1, 3 and 4 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Kraenzel [USP 6,513,039] in view of Behera [USP 6,535,879]. 

Regarding Claim 1, Kraenzel teaches a method for providing access to users based on
user profiles (Kraenzel, Abstract) and using a web-based system that includes a server system
coupled to a centralized interactive database and at least one client system (Col. 1, Lines 13-26,
ACL is a centralized interactive database coupled with server/client system).

As shown in FIG. 1, a profile compiling/updating object 32 may use the
information received from user affinity determining object 30 to generate a user profile
(Kraenzel, Col. 2, Lines 65-67) as the step of creating an electronic profile for a user within a
centralized database, and creating a list of objects, e.g., files, documents..., as an electronic
profile for data within ACL as the centralized database (Kraenzel, Col. 2, Lines 12-15).

As shown in FIG. 3, a user accesses a requested object in a database at step 
152. The user's access privileges for the object(s) requested is retrieved at step 154. 
Based on step 154, step 156 determines whether the user's access privileges meet the 
minimum requirements set by the object administrator. If the user's access privileges 
meet the minimum requirements, step 158 retrieves the requested object and step 160 
presents the object(s) to the user (Kraenzel, Col. 4, Lines 20-31). As seen, the 
procedure for accessing a requested object as discussed indicates methodology is 
established for user access. 

In order to grant access to a requested object or making a decision with reference to
the user access, access privileges in ACL and user profile are compared, and the
procedure is processed as at steps 156-158 to complete an evaluation based on the electronic
profiles, and operating methodology in response to a request from the user for access (Kraenzel, Col.
4, Lines 25-31).

Referring back to FIG. 3, if the user is denied access, as indicated by the NO branch of box
156, box 162 determines if the user has requested additional privileges; YES and
NO requests prompting the user to complete are implied at this box. Instead of granting
access as indicated at boxes 152-156, an internal exception access process is implemented
at boxes 162-166 for quick approval.

Additional privileges, e.g., read-only, manager..., are determined at box 166, and if
privileges are granted, the ACL is updated at box 168 (Col. 3, Lines 10-11, Col. 4, Lines
20-43). FIG. 2 shows the process of updating the ACL. User privileges are determined
at box 108, and the user's affinity is determined at box 110 by applying inferencing rules or
exception access rule with pre-established criteria (FIG. 2, Col. 3, Lines 58-65 and 15-27, Col.
4, Lines 11-13).

Kraenzel further discloses that objects are stored in the database and can be
searched by at least one field (Col. 2, Lines 54-56). A series of inferencing rules is used
to determine the user's affinity by the user affinity determining object (Col. 3, Lines 61-62 and
15-27), then profile system 14 enables the user to activate one or more inferencing rules
as desired (Col. 4, Lines 11-13). As seen, an inferencing rule as an exception access rule
including pre-established criteria in the user affinity determining object is retrieved from the
database as centralized database by searching.

After updating ACL, the access is automatically approved based on the inferencing
rules or exception access rule (FIG. 3, boxes 156-158, Col. 4, Lines 25-27).

Kraenzel does not explicitly teach pre-determined rules are established in addition with 
methodology as discussed above, and the evaluation based on pre-determined rules. 

Behera teaches a method to control access via properties system by providing
ACL rules based on the properties associated with the entries (Behera, Col. 1, line 64-
Col. 2, line 5). Behera further discloses the step of establishing pre-determined rules
(Behera, Col. 4, Lines 25-54) and evaluating the pre-determined rules to grant access to a
user (Behera, Col. 6, Lines 13-16).

Therefore, it would have been obvious for one of ordinary skill in the art at the 
time the invention was made to modify the Kraenzel method by applying the access
rules to the ACL as taught by Behera in order to grant access to a user or a group to a
particular attribute object in the database. 

Regarding claim 3, Kraenzel and Behera, in combination, teach all of the claimed
subject matter as discussed above with respect to claim 1. Kraenzel further discloses
the step of creating data profiles based on at least one of Data Elements, Data Tags, Rules of Access,
an Approver's Name for Each Rule of Access, Rules of Exclusion, an Exception List, and Field Tags
(Kraenzel, Col. 1, lines 13-26).

Regarding claim 4, Kraenzel and Behera, in combination, teach all of the claimed
subject matter as discussed above with respect to claim 3. Behera further discloses the
step of establishing pre-determined rules in the centralized database based on at least one of Rule
Based Access guidelines, Group Based Access guidelines, Search & Subscribe Utilities guidelines,
Active Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and Access Audits
guidelines; and establishing methodology to ensure timely and accurate decision making based on
criteria established by the management (Behera, Col. 4, lines 26-55).

Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kraenzel [USP 6,513,039] in view of Behera [USP 6,535,879], CERN 
[Administrative Information Services, Oracle HR] and Lillibridge [USP 6,195,698 
B1].

Regarding claim 2, Kraenzel and Behera, in combination, teach all of the claimed
subject matter as discussed above with respect to claim 1, but fail to disclose the step
of creating an electronic profile based on information available from at least one of an OHR Application
and an RFCA Application. CERN teaches an OHR application and Lillibridge teaches an
RFCA Application (Lillibridge, Col. 8, lines 35-46). Therefore, it would have been
obvious for one of ordinary skill in the art at the time the invention was made to modify
the Kraenzel and Behera method by using information from OHR Application and RFCA
Application to build the electronic profile in order to distribute object to a user or a group
via IP address.

Claims 5-14 are rejected under 35 U.S.C. 102(e) as anticipated by or, in the 
alternative, under 35 U.S.C. 103(a) as obvious over Kraenzel [USP 6,513,039]. 

Regarding claim 5, Kraenzel teaches a method for managing a user profile
(Kraenzel, Abstract) using a web-based system that includes a server system coupled to a centralized
interactive database and at least one client system (Col. 1, Lines 13-26, ACL is a centralized
interactive database coupled with server/client system). The Kraenzel method
comprises the steps of:

providing capabilities for a user to request access to information that the user currently does
not have access to (As shown in FIG. 3, after making an object request access at box 152
and if user privilege does not meet minimum requirement for object requested at box
156, additional privilege can be requested and processed by boxes 162-168. Boxes
162-168 as capabilities for a user to request access to information that the user currently does not
have access to);

tracking a status of the request using a tracking component coupled to the centralized
interactive database (as illustrated at Kraenzel FIG. 3, after making a request access at
box 152, a status of the request, either YES for retrieving object at box 158 or NO for
requesting additional privileges at box 162, Col. 4, Lines 20-35, is tracked by Access
Determining Object 24, Col. 3, Lines 5-7, as a tracking component included in Profile
System 14. Access Determining Object 24 is coupled to an ACL as centralized interactive
database, Col. 2, Lines 14-16);

obtaining a decision from an owner of the data requested (additional privilege is 
determined by system administrator to have YES/NO branch, Col. 4, Lines 37-39); 

If the request for data access is approved at box 166, ACL is updated at box 168
(FIG. 3). The update process is illustrated at Col. 3, Line 58-Col. 4, Lines 1 with
inferencing rules or and a profile for the user. In short, the ACL update process
performs the claimed if the request for data access is approved, adding at least one of a rule and the
user to the database;

notifying the user of the decision (NO decision is notified to the user at box 164, FIG. 3).

Referring back to Kraenzel FIG. 3, user privilege is determined again at box 156;
if the user is denied access, as indicated by the NO branch of box 156, box 162 determines if the
user has requested additional privileges; YES and NO requests prompting the user to
complete the request for additional privileges as quick approval are implied at this box. Instead
of granting access as indicated at boxes 152-156, an internal exception access process is
implemented at boxes 162-166 for additional privileges as quick approval that is approved
based on pre-established criteria, e.g., read-only, manager..., as illustrated at Col. 3,
Lines 9-11.

Additional privileges, e.g., read-only, manager..., are determined at box 166, and if
privileges are granted, the ACL is updated at box 168 (Col. 3, Lines 10-11, Col. 4, Lines
20-43). FIG. 2 shows the process of updating the ACL. User privileges are determined
at box 108, and the user's affinity is determined at box 110 by applying inferencing rules or
exception access rule with pre-established criteria (FIG. 2, Col. 3, Lines 58-65 and 15-27, Col.
4, Lines 11-13).

Kraenzel further discloses that objects are stored in the database and can be
searched by at least one field (Col. 2, Lines 54-56). A series of inferencing rules is used
to determine the user's affinity by the user affinity determining object (Col. 3, Lines 61-62 and
15-27), then profile system 14 enables the user to activate one or more inferencing rules
as desired (Col. 4, Lines 11-13). As seen, an inferencing rule as an exception access rule
including pre-established criteria in the user affinity determining object is retrieved from the
database as centralized database by searching.

After updating ACL, the access is automatically approved based on the inferencing 
rules or exception access rule (FIG. 3, boxes 156-158, Col. 4, Lines 25-27). 

Kraenzel does not explicitly teach the step of managing access control to applications
and data by implementing a level of security across the different applications that is the same for each
application as in the preamble.

However, as disclosed by Kraenzel, ACL is used for generating or updating a
profile (Col. 3, Lines 3-4). ACL also is used to control access to objects, e.g., files,
documents... (Col. 2, Lines 12-15) with different levels such as read-only, manager...
(Col. 3, Lines 4-12). As seen, a level of security, e.g., read-only, manager..., that is implemented
across different applications is the same for each application, e.g., generating, updating a
profile, object accessing, by using ACL, and obviously, is the same for each application
because only one ACL is used, and the purpose of privileges, e.g., read-only,
manager..., is to manage access control to applications such as generating, updating a profile,
object accessing.

Regarding claim 6, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of obtaining at least one 
of an approval decision and a disapproval decision (Kraenzel, Col. 4, lines 20-43). 

Regarding claim 7, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of reviewing and auditing 
the user access (Kraenzel, Col. 4, lines 20-43). 

Regarding claim 8, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of creating a consistent 
security model that includes centralized administration of security of the system and uses single user 
profile and privilege for accessing different applications (Col. 3, lines 1-15; Col. 4, lines 20-43).

Regarding claim 9, Kraenzel teaches all the claim subject matters as discussed
above with respect to claim 5, Kraenzel further discloses the step of creating user profiles;
providing access control to data associated with user profiles; defining permissions based on a user
identifier associated with user profiles; and developing a specification for user interfaces (Kraenzel,
Col. 3, line 1-Col. 4, line 13).

Regarding claim 10, Kraenzel teaches all the claim subject matters as discussed
above with respect to claim 5, Kraenzel further discloses the step of providing administration
of a common security model for access control and event notification (Kraenzel, FIG. 3).

Regarding claim 11, Kraenzel teaches all the claim subject matters as discussed
above with respect to claim 5, Kraenzel further discloses the step of updating profiles
automatically on at least one of a pre-determined timed interval and a change in organization
hierarchy (Kraenzel, Col. 3, lines 33-42).

Regarding claim 12, Kraenzel teaches all the claim subject matters as discussed
above with respect to claim 5, Kraenzel does not explicitly teach the step of updating
profiles automatically when a user transfers departments. However, as disclosed by Kraenzel,
profile system 14 may automatically update a user's profile by periodically checking the
ACL of the network. This may be performed on a routine basis, or on a random basis, 
when requested by a system administrator, or at various other instances. System 14
may also use the above process for updating a user profile by simply adding
supplemental information to the user profile (Kraenzel, Col. 3, lines 33-42). Thus, when 
a user transfers departments, system administrator updates the ACL, and user profile 
will be updated automatically. Therefore, it would have been obvious for one of ordinary 
skill in the art at the time the invention was made to modify the Kraenzel and Stockwell 
method by including the step of updating profiles when a user transfers department in 
order to control access to a database. 

Regarding claim 13, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of generating access list 
reports that identify accessible and non-accessible data and restrictions for access (Kraenzel, Col. 1, 
lines 20-26 and Col. 2, lines 12-16). 

Regarding claim 14, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel further discloses the step of retrieving information 
from the centralized database in response to a specific inquiry from an administrator (Kraenzel, Col. 
4, lines 20-43). 

Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kraenzel [USP 6,513,039] in view of Stockwell et al. [USP 5,950,195]. 
Regarding claim 15, Kraenzel teaches all the claim subject matters as discussed 
above with respect to claim 5, Kraenzel fails to teach the client system and the server system 
are connected via a network and wherein the network is one of a wide area network, a local area 
network, an intranet and the Internet. Stockwell discloses the client system and the server system 
are connected via a network and wherein the network is one of a wide area network, a local area 
network, an intranet and the Internet (Stockwell, Col. 4, lines 21-28). Therefore, it would 
have been obvious for one of ordinary skill in the art at the time the invention was made 
to modify the Kraenzel method by including a network in order to process the method 
for the remote users. 

Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Behera [USP 6,535,879] in view of Kraenzel [USP 6,513,039 B1]. 

Regarding claim 16, Behera teaches an LDAP as a database configured to be 
protected from access by using Access Control List or ACL. The Directory Server 
Administrator creates basic ACL rules that grant specific users access to certain 
information in the directory (Behera, Col. 3, lines 9-37). Behera further discloses the 
ACL rules that comprises a group based access guidelines based on the attributes to 
set up the rule (Behera, Col. 4, lines 42-44) as data corresponding to pre-established criteria 
developed from access rules and criteria including at least one of Rule Based Access guidelines, Group 
Based Access guidelines, Search & Subscribe Utilities guidelines, Active Positioning Monitoring 
guidelines, Hard Exclusion Rules guidelines, and Access Audits guidelines. As in Behera, Col. 4, 
lines 40-41, in order to allow access to a specific user, user name and access 
privileges such as read, write are used: 

ACL: (list of attrs) (allow(read) user= "prasanta") 

As seen, a user can retrieve data in the database corresponding to the read 
applications, the read application is cross-referenced against an access privilege (read) 
as unique identifiers, and user name as data corresponding user that cross-references 
user name against "prasanta" as unique identifier. In other words, the technique as 
discussed indicates data corresponding to applications, including system administrator defined 
attributes that cross-references the applications profile data against unique identifiers; data 
corresponding to users that includes a user's organization and citizenship that cross-references the 
users profile data against unique identifiers. Although the directory server matches the 
desired attributes within the specified attribute fieldname with the user's attributes for 
allowing access to the directory entry only if the user has the desired attribute values, 
Behera fails to teach data corresponding to pre-determined rules and methodologies that facilitates 
accurate user access-decision making. Kraenzel teaches a method for generating a profile of 
a network user based on a user's access privileges stored in an access control list 
(ACL). Profile generating systems is a client/server system having multiple users 
connected over a network, wherein users may also be connected to one or more 
databases via the network (Kraenzel, Col. 1, lines 13-18). As shown in FIG. 3, a user 
accesses a requested object in a database at step 152. The user's access privileges for 
the object(s) requested is retrieved at step 154. Based on step 154, step 156 
determines whether the user's access privileges meet the minimum requirements set by 
the object administrator. If the user's access privileges meet the minimum requirements, 
step 158 retrieves the requested object and step 160 presents the object(s) to the user. 
If, however, step 156 determines that the user's access privileges do not meet the 
minimum requirements set by a system administrator for that object(s), step 162 
determines whether the user has requested additional privileges from the system 
administrator. If additional privileges have not been requested, step 164 notifies the 
user that access has been denied. Otherwise, step 166 determines if additional 
privileges have been granted. If additional privileges have been granted, step 168 
updates the ACL and may proceed to retrieve and present the requested object using 
steps 158 and 160 respectively. If step 166 determines that additional privileges have 
not been granted, the user may be notified that access has been denied using step 164 
(Kraenzel, Col. 4, lines 20-43). As seen, the procedure for accessing a requested object 
of FIG. 3 as predetermined rules and methodologies that facilitates accurate user access-decision 
making. Therefore, it would have been obvious for one of ordinary skill in the art at the 
time the invention was made to modify the Behera technique by using the method of 
access as taught by Kraenzel in order to process an access request of a user. 
Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to HUNG Q. PHAM whose telephone number is 571-272-4040. 
The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, JOHN E. BREENE can be reached on 571-272-4107. The fax phone 
number for the organization where this application or proceeding is assigned is 703-872-9306. 
Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 